Hello,
the attached patch fixes the bug in dm-raid1.c that
the region returned by __rh_alloc() may be freed while
it's in use.
__rh_alloc() write-unlocks the hash_lock after inserting the new region.
Though it read-locks the hash-lock just after that, it's possible
that the region was reclaimed by rh_update_states() as the region
was clean at the time.
CPU0 CPU1
-----------------------------------------------------------------------
__rh_alloc()
write_lock(hash_lock)
<insert new region to clean list>
write_unlock(hash_lock)
rh_update_states()
write_lock(hash_lock)
<move clean regions to freeable list>
write_unlock(hash_lock)
<free regions in the freeable list>
read_lock(hash_lock)
<return the region>
Signed-off-by: Jun'ichi Nomura <j-nomura ce jp nec com>